MCP Setup Guide
Set up governance for Cursor, Windsurf and Claude Code in 2 minutes.
The MCP (Model Context Protocol) Gateway enables governance of tool calls by coding agents like Cursor, Windsurf and Claude Code. Every tool call passes through Palveron for policy checks, PII detection and audit logging.
How It Works
- Your coding agent invokes a tool (e.g.
query_database,send_email) - Palveron intercepts the tool call as an MCP proxy
- Guardrails check the tool name, parameters and context against your policies
- If approved, the call is forwarded to the actual MCP server
- The result is logged as a trace with a complete audit trail
Setup: Cursor
Open Cursor Settings → MCP Servers → Add Server:
{
"mcpServers": {
"palveron-governance": {
"url": "https://gateway.palveron.com/mcp",
"headers": {
"Authorization": "Bearer pv_live_your_project_key"
}
}
}
}For self-hosted deployments:
{
"mcpServers": {
"palveron-governance": {
"url": "http://localhost:8080/mcp",
"headers": {
"Authorization": "Bearer pv_live_your_project_key"
}
}
}
}Setup: Windsurf
Windsurf uses the same MCP configuration format. Add the server under Windsurf Settings → MCP:
{
"mcpServers": {
"palveron-governance": {
"url": "https://gateway.palveron.com/mcp",
"headers": {
"Authorization": "Bearer pv_live_your_project_key"
}
}
}
}Setup: Claude Code
For Claude Code (Anthropic's CLI agent), add the MCP server to your configuration:
{
"mcpServers": {
"palveron-governance": {
"url": "https://gateway.palveron.com/mcp",
"headers": {
"Authorization": "Bearer pv_live_your_project_key"
}
}
}
}Registering External MCP Servers
Palveron can proxy requests to any MCP server. Register servers via the dashboard or API:
Dashboard
- Navigate to MCP Gateway → MCP Servers
- Click + Register Server
- Enter the server URL and authentication details
- Palveron automatically scans the server for available tools
API
curl -X POST https://gateway.palveron.com/api/v1/mcp/servers \
-H "Authorization: Bearer pv_live_your_project_key" \
-H "Content-Type: application/json" \
-d '{
"name": "Salesforce MCP",
"url": "https://mcp.salesforce.com/sse",
"auth_type": "bearer",
"auth_token": "sf_token_..."
}'From Connector Template
Palveron includes 11 preconfigured connector templates for popular services:
curl -X POST https://gateway.palveron.com/api/v1/mcp/servers/from-template \
-H "Authorization: Bearer pv_live_your_project_key" \
-H "Content-Type: application/json" \
-d '{
"template_id": "salesforce",
"config": { "auth_token": "sf_token_..." }
}'Available templates: Salesforce, Microsoft Copilot, ServiceNow, Slack AI, Teams Copilot, Zendesk AI, Intercom Fin, AWS Bedrock, Azure AI, Cursor, Claude Code.
Tool Policies
Create policies for specific tool calls:
curl -X POST https://gateway.palveron.com/api/v1/mcp/policies \
-H "Authorization: Bearer pv_live_your_project_key" \
-H "Content-Type: application/json" \
-d '{
"server_id": "srv_abc123",
"tool_name": "delete_records",
"action": "APPROVAL",
"reason": "Destructive database operations require human approval"
}'| Action | Behavior |
|---|---|
ALLOW | Tool call is forwarded without intervention |
BLOCK | Tool call is rejected with a reason |
APPROVAL | Tool call is paused until a human approves or rejects |
LOG_ONLY | Tool call is forwarded but flagged for review |
Approval Queue
When a tool call triggers an APPROVAL policy, it is placed in the queue:
- The coding agent pauses and waits
- A notification is sent via the configured webhook (Slack/Teams)
- An approver reviews the tool call in the MCP Approvals dashboard
- On approval, the call is forwarded; on rejection, an error is returned
Tool Scanning & Poisoning Detection
Palveron automatically scans registered MCP servers for tool definitions. If a tool's description changes between scans (potential rug pull / tool poisoning), it is flagged:
- Dashboard shows a warning badge on the affected server
- The Command Center surfaces a critical alert
- Optionally, affected tools are automatically blocked pending review
Monitoring
All MCP tool calls appear in the Command Center with dedicated metrics:
- Total tool calls over the selected period
- Blocked tool calls
- Active / failing MCP servers
- Pending approvals
- Suspected poisoning cases
Next Steps
- MCP Servers — Server registration and management
- Tool Policies — Fine-grained tool governance
- API Reference: MCP — Complete MCP endpoint documentation
- Quickstart — General onboarding guide